WordPress Plugin Vulnerabilities

Robo Gallery <= 3.2.11 - Cross-Site Request Forgery

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

The original researcher didn't provide enough information on which actions could be performed.

Affects Plugins

Plugin icon
robo-gallery
Fixed in 3.2.12

References

CVE
CVE-2023-24414

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
b373ea5c-ccab-45bf-83c4-4b506cd93870

Timeline

Publicly Published
2023-01-30 (about 3 years ago)
Added
2023-05-22 (about 2 years ago)
Last Updated
2023-05-22 (about 2 years ago)

Other

Published
Title
Published
2025-06-05
Title
Konami Easter Egg <= v0.4 - Cross-Site Request Forgery
Published
2017-01-11
Title
WordPress <= 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload
Published
2019-04-05
Title
Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery to LFI
Published
2024-04-12
Title
WpTravelly < 1.6.1 - Cross-Site Request Forgery
Published
2019-06-27
Title
ACF Better Search <= 3.3.0 - Cross-Site Request Forgery (CSRF)